Vulnerability Disclosure Policy
Security at ANFA Meridian
We take the security of our systems, our clients' data, and AAOT seriously. If you believe you have found a security vulnerability, we encourage you to report it responsibly.
Reporting a Vulnerability
Email: security@anfameridian.com
Please include a detailed description of the vulnerability, steps to reproduce it, and any supporting evidence (screenshots, logs, proof-of-concept).
Our Commitments
- We will acknowledge receipt of your report within 48 hours.
- We will provide an initial assessment within 5 business days.
- We will work with you to understand and resolve the issue promptly.
- We will keep you informed of our progress.
- We will credit you publicly (if desired) once the issue is resolved.
Safe Harbor
ANFA Meridian will not pursue legal action against security researchers who discover and report vulnerabilities in good faith and in compliance with this policy. We consider good-faith security research to be authorized activity.
Scope
This policy applies to the following systems and services:
- www.anfameridian.com and all subdomains
- AAOT platform and related services
- APIs operated by ANFA Meridian
Out of Scope
- Social engineering or phishing attacks against employees
- Denial of service (DoS/DDoS) attacks
- Physical security testing
- Third-party services and applications not operated by ANFA Meridian
Preferred Languages
We accept vulnerability reports in English and French.
© 2026 ANFA Meridian. All rights reserved.